Pavan Duggal gave a presentation on cybercrimes and due diligence. He discussed several high profile cybercrime cases in India and noted that cybercrimes are severely underreported. The key cybercrime categories are crimes against persons, property, and the government. The Information Technology Act 2000 defines and punishes offenses such as hacking and publishing obscene material online. New forms of cybercrime are constantly emerging. Companies need to conduct due diligence audits to limit their legal liability and comply with data security laws.

1. A PRESENTATION
BY
PAVAN DUGGAL,
ADVOCATE, SUPREME COURT OF
INDIA
PRESIDENT,CYBERLAW ASIA
CYBERLAW CONSULTANT,
MEMBER, MAC, ICANN
NIRC-ICAI SEMINAR
1-4-2006 , DELHI

2. CYBERCRIMES
AND
DUE DILIGENCE

3. CYBERCRIMES GALORE
• ARIF AZIM CASE
• Juvenile found guilty for sending threatening
email
• SHEKHAR VERMA CASE
• Juvenile Found guilty for sending threting
email
• MANY MANY MORE THAT OCCUR BUT
ARE NEVER REPORTED

4. GROSS UNDER
REPORTING
• FOR EVERY 500 INSTANCES OF
CYBERCRIMES THAT OCCUR IN
INDIA,
• ONLY 50 ARE REPORTED AND
• OUT OF THE SAME, ONLY ONE CASE
GETS REGISTERED BY THE POLICE.
• UNDER REPORTING DOES NOT
EQUAL TO ABSENCE OF CYBERCRIME

5. CYBERCRIME
DEFINITION
• Cybercrime refers to all the activities done
with criminal intent in cyberspace or using
the medium of Internet.
• These could be either the criminal activities
in the conventional sense or may be activities
newly evolved with the growth of the new
medium.

6. CYBERCRIME IMPACT ON
IT
• Cybercrime adversely impacts various activities in
the electronic medium using computers, computer
systems and computer networks
• Effect is not just destruction or adverse impact on
data.
• Cybercrimes also have the ability to disrupt or
damage computers, computer systems and
computer networks as also data or information
resident therein
• Cybercrimes directly inhibit e-commerce and the
free use of the Internet and computers.

7. CYBERCRIME
CATEGORIES
• Cybercrimes can be basically
divided into 3 major categories
being Cybercrimes
– against persons
– against property
– against Government

8. STATISTICS
• The Asian School of Cyberlaws’
Computer Crime and Abuse Report
(India) 2001-02 reports that Data Theft at
33% makes up largest category of
reported incidents of Cybercrime.
• Of this 37% of data stolen is the
Source/Object Code.

9. INFORMATION
TECHNOLOGY ACT, 2000 &
CYBERCRIME
• Various cyber offences defined
• Cyber offences to be investigated only by
a Police Officer not below the rank of the
Deputy Superintendent of Police.

10. CYBER OFFENCES UNDER
THE IT ACT
• Tampering with computer source
documents – Section 65
• Hacking - Section 66
• Publishing of information which is
obscene in electronic form - Section 67

11. SECTION 65
• Tampering with computer source documents
• Knowingly or intentionally concealing,
destroying or altering or intentionally or
knowingly causing another to conceal, destroy
or alter any computer source code used for
computer, computer programme, computer
system or computer network, when the
computer source code is required to be kept or
maintained by law for the time being in force

12. PUNISHMENT FOR
TAMPERING COMPUTER
SOURCE DOCUMENTS
• Imprisonment up to three years, or with
fine which may extend up to two lakh
rupees, or with both.

13. SECTION 66
• Hacking with computer system
• Occurs when there is intent to cause or
knowledge that one is likely to cause wrongful
loss or damage to the public or any person by
destroying or deleting or altering any
information residing in a computer resource or
diminishing its value or utility or affecting it
injuriously by any means

14. PUNISHMENT FOR
HACKING
• Imprisonment up to three years, or with
fine which may extend upto two lakh
rupees, or with both.

15. SECTION 67
• Publishing of information which is obscene in
electronic form
• Publishing or transmitting or causing to be
published in the electronic form, any material
which is lascivious or appeals to the prurient
interest or if its effect is such as to tend to
deprave and corrupt persons who are likely,
having regard to all relevant circumstances, to
read, see or hear the matter contained or
embodied in it

16. PUNISHMENT FOR
PUBLISHING OBSCENE
INFORMATION IN
ELECTRONIC FORM
• On first conviction - imprisonment of either
description for a term which may extend to five
years and with fine which may extend to one
lakh rupees
• Second or subsequent conviction -
imprisonment of either description for a term
which may extend to ten years and also with
fine which may extend to two lakh rupees.

17. CYBER OFFENCES UNDER
THE IT ACT (contd)
• Breach of confidentiality and privacy
• Misrepresentation
• Publishing Digital Signature Certificate
false in certain particulars and publication
for fraudulent purposes.

18. NEW MANIFESTATIONS
• NEW FORMS AND
MANIFESTATIONS OF
CYBERCRIMES EMERGING
EVERYDAY.

19. IT ACT DEFICIENT
• The offences defines in the IT Act are by
no means exhaustive.
• However, the drafting of the relevant
provisions of the IT Act make it appear as
if the offences detailed in the said IT Act
are the only Cyber offences possible and
existing.

20. NEED FOR
INGENUITY
• Just as human mind is ingenious enough to
devise new ways for perpetuating crime,
similarly, human ingenuity needs to be
channelised into developing effective legal and
regulatory mechanisms to control and prevent
Cybercrimes.

21. BREACH OF SECURITY
• Breach of security attracts consequences of civil
liability.
• If a person without the permission of owner or
any other person in charge of a computer,
computer system or computer network, accesses
or secures access to such computer, computer
system or computer network, he is liable to pay
statutory damages by way of compensation, not
exceeding one crore rupees to the person so
affected.

22. CIVIL LIABILITY
• Downloading, copying or extracting any data,
computer database or information from such
system or introducing any computer virus into
the same or damaging, destructing or causing
to be damaged or disruption of the same or
denying the access to any authorized person
of the same, and providing any assistance to
any person for doing any of the acts mentioned
above, would also attract the civil liability of
damages by way of compensation not
exceeding rupees one crore.

23. BREACH OF
SECURITY (contd.)
• Breach of security is also implicitly
recognized as a penal offence in the form
of hacking.
• This offence is declared as a penal
offence punishable with three years
imprisonment and two lakh rupees fine.

24. INVESTIGATION
• For the purpose of investigating the
offences detailed under the IT Act, 2000,
police officers not below the rank of
Deputy Superintendent of Police have
been duly authorized and who have also
been given the power of entry, search and
arrest without warrant in public places.

25. Section 79
• For the removal of doubts, it is hereby declared
that no person providing any service as a
network service provider shall be liable under
this Act, rules or regulations made thereunder
for any third party information or data made
available by him if he proves that the offence or
contravention was committed without his
knowledge or that he had exercised all due
diligence to prevent the commission of such
offence or contravention.

26. Network Service Providers:
When Not Liable
• Explanation.—For the purposes of this section,
—
(a) "network service provider" means an
intermediary;
(b) "third party information" means any
information dealt with by a network service
provider in his capacity as an intermediary.

27. OFFENCES BY
COMPANIES
Where a person committing a contravention of
any of the provisions of this Act or of any rule,
direction or order made thereunder is a
company, every person who, at the time the
contravention was committed, was in charge of,
and was responsible to, the company for the
conduct of business of the company as well as
the company, shall be guilty of the
contravention and shall be liable to be
proceeded against and punished accordingly:

28. OFFENCES BY
COMPANIES(contd)
Provided that nothing contained in this
sub-section shall render any such person
liable to punishment if he proves that the
contravention took place without his
knowledge or that he exercised all due
diligence to prevent such contravention.

29. CLAUSE 49, SEBI
• FOR LISTED COMPANIES
• CERTIFICATIONS BY CEO AND THE
COMPLAINCE OFFICER
• CERTIFICATION OF DATA ,
INFORMATION, COMPUTERS,
COMPUTER SYSTEMS AND COMPUTER
NETWORKS
• NEED FOR CYBER LEGAL DUE
DILIGENCE

30. DUE DILIGENCE
• Compliance with IT Act, IT Rules, notifications
etc.
• Compliance with Indian Evidence Act.
• Information Technology Security Policy
• Legal Authentication of E- records.
• Retention of E-records as per law.

31. CONCLUSION
• Techno-Legal Risks in today’s Business
Environment.
• Need to have a systematic plan for to measure
risk of exposure to the same.
• Due Diligence and Compliance only mantra of
survival in today’s E- world.

32. PDA DUE DILIGENCE VER 1.
• PAVAN DUGGAL ASSOCIATES
• PAVAN DUGGAL DUE DILIGENCE
VERSION 1.
• 33 PARAMETERS, COMPLIANCE WITH
THE IT ACT, 2000

33. CONCLUSION(contd)
• Limiting your liability for criminal activities
done on your computers, computers and
computer networks by others is absolutely
essential lest we face some unpleasant
situations.

34. CONCLUSION(contd)
• CYBERLAW AUDIT OF YOUR OPERATIONS
USING COMPUTERS, COMPTUER SYSTEMS
AND COMPUTER NETWORKS CRITICAL FOR
YOUR CONTINUED GROWTH.
• PAVAN DUGGAL ASSOCIATES UNDERTAKES
CYBERLAW AUDITS FOR CLIENTS FOR
LIMITING THEIR LIABILITY

35. THAT WAS A PRESENTATION
BY
PAVAN DUGGAL,
ADVOCATE, SUPREME COURT OF
INDIA
HEAD, PAVAN DUGGAL
ASSOCIATES,
PRESIDENT,CYBERLAWS.NET
EMAIL : pduggal@vsnl.com
pduggal@gmail.com